Fault Tolerant vs. Hot Standby Controller

Thread Starter

Anonymous

Please tell me in detail, with examples, the difference between a Fault Tolerant and a Hot Standby controller.
 
People will naturally have different interpretations, which have changed over time, but the simplest way to put it is:

Fault-tolerant controllers can handle single safe or dangerous failures and continue to operate properly. They were traditionally triplicated with no switching mechanisms. Their order of entry into the market was August, Triconex, Triplex, and GE (GMR). The 1oo2D vendors (HIMA, Honeywell, Siemens (old Moore Products)) would also claim to be fault-tolerant.

Hot standby is used for dual systems where one controller is online, and in the event of a failure, the system switches to the redundant controller. All DCS and general purpose PLCs operate this way.

Paul Gruhn, P.E., C.F.S.E.
Siemens, Houston, TX
[email protected]
 
Homework season, is it?

Paul Gruhn wrote:
> People will naturally have different interpretations, which have changed over time, but the simplest way to put it is:
>
> Fault-tolerant controllers can handle single safe or dangerous failures and continue to operate properly. They were traditionally triplicated with no switching mechanisms.
>...
> Hot standby is used for dual systems where one controller is online, and in the event of a failure, the system switches to the redundant controller. All DCS and general purpose PLCs operate this way.

In some ways, both of those are fault tolerant; it's just a matter of what kinds of faults they tolerate: triplication can handle more than duplication (hot standby).

The usual heuristic would suggest that triplication won't handle byzantine faults. (That's "n > 3a+2s+m", where a, s and m are the numbers of byzantine, ordinary and crash faults to be tolerated at any one time.)

I don't know if anyone actually bothers considering byzantine faults and the like in real-world automation; it seems much more common to insist that components be 100% reliable instead, which is (a) more expensive, and (b) not possible. Still, the rest of the system usually isn't that reliable either, so it wouldn't make sense to have a super-reliable controller.

Jiri
--
Jiri Baum <[email protected]> http://www.csse.monash.edu.au/~jirib
MAT LinuxPLC project --- http://mat.sf.net --- Machine Automation Tools
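The contrast drawn in this thread (a triplicated voter with no switching versus a dual hot-standby pair that relies on detecting the primary's failure) and Jiri's "n > 3a+2s+m" heuristic, as an added toy model that is not code from either poster or from any vendor product. It assumes a crashed channel is represented by None, an "ordinary" fault by a wrong but consistent value, and that hot standby can only switch on a detected (crash) failure.

```python
from collections import Counter
from typing import Optional, Sequence

def tolerable(n: int, byzantine: int, ordinary: int, crash: int) -> bool:
    """Jiri's heuristic: n > 3a + 2s + m replicas are needed to tolerate
    a byzantine, s ordinary and m crash faults at the same time."""
    return n > 3 * byzantine + 2 * ordinary + crash

def vote_2oo3(channels: Sequence[Optional[int]]) -> Optional[int]:
    """Triplicated (2oo3) controller: no switching, the output is whatever
    at least two of the three channels agree on. A crashed channel is None
    (assumption of this model). Returns None when no majority exists,
    i.e. a second simultaneous fault has defeated the voter."""
    assert len(channels) == 3, "2oo3 voting needs exactly three channels"
    counts = Counter(c for c in channels if c is not None)
    if not counts:
        return None
    value, agreeing = counts.most_common(1)[0]
    return value if agreeing >= 2 else None

def hot_standby(primary: Optional[int], standby: Optional[int]) -> Optional[int]:
    """Dual hot-standby pair: the online controller's output is used unless
    its failure is detected (modelled here as None), in which case the
    system switches to the standby. A wrong-but-plausible value from the
    primary cannot be detected by the pair alone and passes through."""
    return primary if primary is not None else standby

if __name__ == "__main__":
    # Constructed fault scenarios: correct value is 1, a faulty channel says 0.
    print("TMR, one channel crashed:", vote_2oo3([1, 1, None]))      # 1
    print("TMR, one channel wrong:  ", vote_2oo3([1, 1, 0]))         # 1
    print("TMR, two faults:         ", vote_2oo3([1, 0, None]))      # None
    print("Hot standby, primary crashed:", hot_standby(None, 1))     # 1
    print("Hot standby, primary wrong:  ", hot_standby(0, 1))        # 0 (undetected)
    # The heuristic agrees: n=3 covers one ordinary fault, n=2 only one crash.
    print(tolerable(3, 0, 1, 0), tolerable(2, 0, 0, 1), tolerable(2, 0, 1, 0))
    print("n=3 tolerates one byzantine fault?", tolerable(3, 1, 0, 0))  # False
```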
 